0.0

CVE-2025-64476 -

Not used

πŸ“… Published: Nov. 5, 2025, 12:25 p.m. πŸ”„ Last Modified: Nov. 6, 2025, 3:55 a.m.

0.0

CVE-2025-64474 -

Not used

πŸ“… Published: Nov. 5, 2025, 12:25 p.m. πŸ”„ Last Modified: Nov. 6, 2025, 3:55 a.m.

0.0

CVE-2025-64472 -

Not used

πŸ“… Published: Nov. 5, 2025, 12:25 p.m. πŸ”„ Last Modified: Nov. 6, 2025, 3:55 a.m.

0.0

CVE-2025-64473 -

Not used

πŸ“… Published: Nov. 5, 2025, 12:25 p.m. πŸ”„ Last Modified: Nov. 6, 2025, 3:55 a.m.

6.4

CVSS3.1

CVE-2025-11745 - Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attribute…

πŸ“… Published: Nov. 5, 2025, 11:24 a.m. πŸ”„ Last Modified: April 22, 2026, 1 p.m.

8.1

CVSS3.1

CVE-2025-12497 - Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via arg…

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on t…

πŸ“… Published: Nov. 5, 2025, 11:24 a.m. πŸ”„ Last Modified: April 22, 2026, noon

5.3

CVSS3.1

CVE-2025-12192 - The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Infor…

The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain the…

πŸ“… Published: Nov. 5, 2025, 9:27 a.m. πŸ”„ Last Modified: April 21, 2026, 6:45 p.m.

4.3

CVSS3.1

CVE-2025-12469 - FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 -…

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to perform administrative …

πŸ“… Published: Nov. 5, 2025, 9:27 a.m. πŸ”„ Last Modified: April 21, 2026, 6:45 p.m.

6.4

CVSS3.1

CVE-2025-11987 - Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-…

The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent…

πŸ“… Published: Nov. 5, 2025, 9:27 a.m. πŸ”„ Last Modified: April 22, 2026, 12:15 p.m.

5.3

CVSS3.1

CVE-2025-12468 - FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 -…

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a publi…

πŸ“… Published: Nov. 5, 2025, 9:27 a.m. πŸ”„ Last Modified: April 22, 2026, 9:30 p.m.
Total resulsts: 349182
Page 3143 of 34,919
Β« previous page Β» next page
Filters